Facebook Uses FriendFeed As A Testing Ground For The Next Generation Of OAuth

When Facebook bought FriendFeed a few months ago, no one was really sure what would happen to the service. The acquisition was mainly for FriendFeed’s talent, so there was much concern that FriendFeed would wither. And to an extent it has. But, as it’s proving today, it still can serve some purpose for Facebook: A testing ground for new technology.

As Facebook’s David Recordon writes today on the Developer Blog, the development team has implemented a prototype version of the new OAuth WRAP specification on FriendFeed. One of FriendFeed’s co-founders, Bret Taylor, who is now Facebook’s Director of Product Management for Platform, also writes at length about it on his own blog. The basic gist is that Facebook decided to test out implementing it in FriendFeed so that they could get feedback from anyone in the developer community that wants to try it out.

OAuth WRAP is potentially very important for a few reasons. Namely, it’s likely to be the next iteration of OAuth — and the first one that all the big companies like Facebook, Microsoft, Google, Yahoo, and others are all helping to make a new standard. It also should greatly simplify OAuth for developers. As Taylor writes in more technical speak:

The main difference between OAuth and OAuth WRAP is that WRAP does not have elaborate token exchanges or signature schemes. Instead, all server-to-server WRAP calls happen via SSL. The “access token,” which grants your client the ability to make API calls on a user’s behalf, is protected by SSL rather than by a shared secret and signature scheme.

Recordon notes that while Facebook Connect and its APIs don’t yet use OAuth, they will next year with OAuth WRAP. And from what I’m hearing, this is likely to be on the early-side of next year. This FriendFeed integration should show developers not only how far along it is already, but just how easy it is to both build on top of, and work with APIs that use it.

With the FriendFeed team and Recordon now on board at Facebook, the company has been taking the right steps towards being a more open part of the web. Soon after the acquisition, Facebook open-sourced FriendFeed’s realtime tech, called Tornado. They’re also hard at work on a new project called Open Graph, which isn’t getting a lot of buzz, but could potentially alter the social graph landscape of the web. And Facebook is even about to open its status updates for full Twitter syndication this week.